Cluster Computing, Volume 21, Issue 1, pp 409–421

Trust in IoT: dynamic remote attestation through efficient behavior capture

  • Toqeer Ali
  • Muhammad Nauman
  • Salman Jan


The Internet of Things (IoT) is a recent concept of machine-to-machine communication that has also given rise to several information security problems. Many traditional software solutions fail to address these security issues, such as the trustworthiness of remote entities. Remote attestation is a technique given by the Trusted Computing Group (TCG) to monitor and verify this trustworthiness. In this regard, various remote validation methods have been proposed. However, static techniques cannot provide resistance to recent attacks, e.g. the latest Heartbleed bug and the recent high-profile glibc attack on the Linux operating system. In this research, we have designed and implemented a lightweight Linux kernel security module for IoT devices that is scalable enough to monitor multiple applications in the kernel space. The newly built technique can measure and report the static and dynamic behavior of multiple applications simultaneously. Verification of the behavior of applications is performed via machine learning techniques. The results show that deviating behavior can be detected successfully by the verifier.


  • Security
  • Remote attestation
  • Trusted computing
  • Dynamic behavior
  • IOT
  • Linux kernel



Copyright information

© Springer Science+Business Media New York 2017

Authors and Affiliations

  1. Faculty of Computer and Information System, Islamic University of Al Madinah Al Munawwara, Medina, Saudi Arabia
  2. Max Planck Institute for Software Systems, Kaiserslautern, Germany
  3. Universiti Kuala Lumpur, Kuala Lumpur, Malaysia
